Vault

i thought OSCP has 1 buffer overflow exploit?

.

You might be overthinking it. Have a look at its contents and see what you could do with that combined with the webpage.

first attempt at this box - found that first folder. Sneaky ! - made me laugh

Are others also having trouble with pivoting into the D** box? I have the correct approach and technique (I’ve gotten a shell twice), but it is incredibly unreliable. The exact same command, which worked a moment ago, copy/pasted to retry, doesn’t work.

Moreover, resetting the box on the dashboard doesn’t do anything. Eventually after waiting for 1.5 hours for it to reset, it reset – and then the same technique worked again, but only once.

What is going on with this box? Is it being hammered that much or do I have it wrong somehow? I don’t want to post what I’m trying in detail here, that’s obviously why I’m omitting details.

Edit: I overlooked the fact that there is an easy way back in, once you’ve gotten in once. That at least helps a lot. I was too eager and used the file in question to move onto the real target not realizing the same credentials gets you back into the D** box.

@raiden99 said:
Are others also having trouble with pivoting into the D** box? I have the correct approach and technique (I’ve gotten a shell twice), but it is incredibly unreliable. The exact same command, which worked a moment ago, copy/pasted to retry, doesn’t work.

Moreover, resetting the box on the dashboard doesn’t do anything. Eventually after waiting for 1.5 hours for it to reset, it reset – and then the same technique worked again, but only once.

What is going on with this box? Is it being hammered that much or do I have it wrong somehow? I don’t want to post what I’m trying in detail here, that’s obviously why I’m omitting details.

Also I am three days that I have the same problem, to have a shell wrapped I have to wait hours, and when I’m inside another reset part.

That was a fun env for sure. Nice !!

Hi there,
Is the on a rabbit hole? I could not find any way to leverage it. Or is the v*/s*** thing is the right way in?

@Zoakish said:
Hi there,
Is the o**n a rabbit hole?

No

Anyone willing to give a hint (PM) on file upload? Genuinly stuck, have researched several things and tried even more, can’t seem to get it working.

@Center said:
Anyone willing to give a hint (PM) on file upload? Genuinly stuck, have researched several things and tried even more, can’t seem to get it working.

You may not need file upload. There are other options.

got root on 192…4 DNS box.
there are:
1…n s…sh
Please pm for direction what do to with these files…

.

.

@dunnomilton said:
Please pm for direction what do to with these files…

Read them.

Then you need to find a way to use what they say, so it would be good to treat the new boxes like any other new box and enumerate. Find out what ports are open (net cat can be used as a portscanner if you cant get nmap on it) and then enumerate them.

Once you do this, you will find the thing you need to use the files you’ve found.

@evandrix said:
is the credentials to access 192.168.122.4/5 on the host 10.10.10.109?

Have you checked if you need credentials?

gobustering should always be supplemented with a custom word list (which may include only a couple of words). Cewl is there if you need it.

nvm, rooted!! happy pixie dance

Nice one!

Currently got user but im unsure where to go from there i have done some Lin enumeration but i have no idea where to go from there any assistance?